Commit 533ec1b9 authored by intrigeri's avatar intrigeri
Browse files

Merge branch 'devel' into testing

parents 4af3d91b a53821a8
......@@ -138,6 +138,10 @@ Package: libcryptsetup4
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: libestr0
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: libotr5
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
......@@ -238,6 +242,10 @@ Package: python-electrum
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: rsyslog
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: scdaemon
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
......
#!/bin/sh
set -e
echo "Deleting unused AppArmor profiles"
(
cd /etc/apparmor.d
rm \
apache2.d/phpsysinfo \
sbin.klogd \
sbin.syslogd \
sbin.syslog-ng \
usr.bin.chromium-browser \
usr.lib.dovecot.* \
usr.sbin.dnsmasq \
usr.sbin.dovecot \
usr.sbin.identd \
usr.sbin.mdnsd \
usr.sbin.nmbd \
usr.sbin.ntpd \
usr.sbin.nscd \
usr.sbin.smb*
)
......@@ -66,6 +66,7 @@ gksu
aircrack-ng
apparmor
apparmor-profiles
apparmor-profiles-extra
audacity
barry-util
......@@ -219,7 +220,6 @@ syslinux-efi
# ships isohybrid in syslinux 6.x packaging
syslinux-utils
system-config-printer
systemd
synaptic
torsocks
totem-plugins
......
--- a/etc/apparmor.d/tunables/home 2012-07-17 17:30:16.000000000 +0000
+++ b/etc/apparmor.d/tunables/home 2014-09-17 05:23:26.383556000 +0000
@@ -18,7 +18,7 @@
# @{HOMEDIRS} is a space-separated list of where user home directories
# are stored, for programs that must enumerate all home directories on a
# system.
-@{HOMEDIRS}=/home/
+@{HOMEDIRS}=/home/ /lib/live/mount/overlay/home/
# Also, include files in tunables/home.d for site-specific adjustments to
# @{HOMEDIRS}.
--- a/etc/apparmor.d/usr.bin.pidgin 2014-10-30 17:47:51.945948920 +0100
+++ b/etc/apparmor.d/usr.bin.pidgin 2014-10-30 17:48:29.273511368 +0100
--- a/etc/apparmor.d/usr.bin.pidgin 2015-06-04 12:37:02.453412928 +0000
+++ b/etc/apparmor.d/usr.bin.pidgin 2015-06-04 12:37:40.309205204 +0000
@@ -11,7 +11,7 @@
#include <abstractions/enchant>
#include <abstractions/gnome>
#include <abstractions/ibus>
- #include <abstractions/launchpad-integration>
+ # #include <abstractions/launchpad-integration>
#include <abstractions/nameservice>
#include <abstractions/private-files-strict>
#include <abstractions/ssl_certs>
@@ -46,6 +46,7 @@
/usr/bin/gvfs-open rmix,
/usr/bin/pidgin r,
......@@ -8,3 +17,4 @@
/usr/share/gnome/applications/ r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
--- a/etc/apparmor.d/system_tor 2014-09-12 15:44:48.000000000 +0000
+++ b//etc/apparmor.d/system_tor 2014-09-17 04:41:35.591556000 +0000
@@ -4,8 +4,12 @@
--- a/etc/apparmor.d/system_tor 2015-06-04 12:28:12.243020484 +0000
+++ b/etc/apparmor.d/system_tor 2015-06-04 12:29:32.580249731 +0000
@@ -4,6 +4,9 @@
profile system_tor {
#include <abstractions/tor>
+ owner /etc/tor/torrc w,
+ owner /etc/tor/torrc.* w,
+ /lib/live/mount/overlay/etc/tor/* wl,
+ link /etc/tor/.wh.torrc -> /.wh..wh.aufs,
+ /etc/tor/* w,
+
- owner /var/lib/tor/** rwk,
- owner /var/log/tor/* w,
+ owner /{,lib/live/mount/overlay/}var/lib/tor/** rwk,
+ owner /{,lib/live/mount/overlay/}var/log/tor/* w,
owner /var/lib/tor/** rwk,
owner /var/log/tor/* w,
/{,var/}run/tor/control w,
/{,var/}run/tor/tor.pid w,
--- a/etc/apparmor.d/abstractions/user-tmp 2012-07-17 17:30:16.000000000 +0000
+++ b/etc/apparmor.d/abstractions/user-tmp 2014-09-17 05:39:57.871556000 +0000
@@ -14,7 +14,7 @@
owner @{HOME}/tmp/ rw,
# global tmp directories
- owner /var/tmp/** rwkl,
- /var/tmp/ rw,
- owner /tmp/** rwkl,
- /tmp/ rw,
+ owner /{,lib/live/mount/overlay/}var/tmp/** rwkl,
+ /{,lib/live/mount/overlay/}var/tmp/ rw,
+ owner /{,lib/live/mount/overlay/}tmp/** rwkl,
+ /{,lib/live/mount/overlay/}tmp/ rw,
--- a/etc/apparmor.d/usr.bin.vidalia 2015-06-10 09:15:34.668000000 +0000
+++ b/etc/apparmor.d/usr.bin.vidalia 2015-06-10 09:38:17.812000000 +0000
@@ -9,6 +9,8 @@
owner @{HOME}/.vidalia/ rw,
owner @{HOME}/.vidalia/** rwmk,
+ owner /lib/live/mount/rootfs/*.squashfs/home/vidalia/.vidalia/ rw,
+ owner /lib/live/mount/rootfs/*.squashfs/home/vidalia/.vidalia/** rwmk,
/{var/,} r,
/{var/,}run/ r,
@@ -22,6 +24,13 @@
owner @{PROC}/[0-9]*/cmdline r,
owner @{PROC}/[0-9]*/fd/ r,
+ deny /var/cache/fontconfig/ w,
+ /home/vidalia/.fontconfig/ rw,
+ /home/vidalia/.fontconfig/* rw,
+ /home/vidalia/.config/Trolltech.conf* rw,
+ /home/vidalia/.wh..wh..vidalia.*/ rw,
+ /lib/live/mount/overlay/home/vidalia/.wh..wh..vidalia.*/ rw,
+
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.bin.vidalia>
}
--- a/etc/apparmor.d.orig/abstractions/base 2013-07-10 22:05:57.000000000 +0000
+++ b/etc/apparmor.d/abstractions/base 2015-06-03 18:11:08.402380000 +0000
@@ -47,17 +47,19 @@
# available everywhere
/etc/ld.so.cache mr,
/lib{,32,64}/ld{,32,64}-*.so mrix,
- /lib{,32,64}/**/ld{,32,64}-*.so mrix,
+ /lib{32,64}/**/ld{,32,64}-*.so mrix,
+ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**/ld{,32,64}-*.so mrix,
/lib/@{multiarch}/ld{,32,64}-*.so mrix,
/lib/tls/i686/{cmov,nosegneg}/ld-*.so mrix,
/lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so mrix,
/opt/*-linux-uclibc/lib/ld-uClibc*so* mrix,
# we might as well allow everything to use common libraries
- /lib{,32,64}/** r,
+ /lib{32,64}/** r,
+ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}** r,
/lib{,32,64}/lib*.so* mr,
- /lib{,32,64}/**/lib*.so* mr,
- /lib/@{multiarch}/** r,
+ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**/lib*.so* mr,
+ /lib/@{multiarch}/{[^l],l[^i],li[^v],liv[^e],live[^/]}** r,
/lib/@{multiarch}/lib*.so* mr,
/lib/@{multiarch}/**/lib*.so* mr,
/usr/lib{,32,64}/** r,
diff -Naur '--exclude=cache' /etc/apparmor.d.orig/abstractions/ubuntu-helpers /etc/apparmor.d/abstractions/ubuntu-helpers
--- a/etc/apparmor.d.orig/abstractions/ubuntu-helpers 2013-07-10 22:05:57.000000000 +0000
+++ b/etc/apparmor.d/abstractions/ubuntu-helpers 2015-06-03 18:16:42.022380000 +0000
@@ -63,8 +63,8 @@
# in limited libraries so glibc's secure execution should be enough to not
# require the santized_helper (ie, LD_PRELOAD will only use standard system
# paths (man ld.so)).
- /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
- /usr/lib/chromium-browser/chrome-sandbox PUxr,
+ # /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
+ # /usr/lib/chromium-browser/chrome-sandbox PUxr,
/opt/google/chrome/chrome-sandbox PUxr,
/opt/google/chrome/google-chrome Pixr,
/opt/google/chrome/chrome Pixr,
@@ -73,7 +73,8 @@
# Full access
/ r,
/** rwkl,
- /{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,
+ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}{,**/}*.so{,.*} m,
+ /usr{/,/local/}lib{,32,64}/{,**/}*.so{,.*} m,
# Dangerous files
audit deny owner /**/* m, # compiled libraries
diff -Naur '--exclude=cache' /etc/apparmor.d.orig/tunables/alias /etc/apparmor.d/tunables/alias
--- a/etc/apparmor.d.orig/tunables/alias 2013-07-10 22:05:57.000000000 +0000
+++ b/etc/apparmor.d/tunables/alias 2015-06-03 18:12:46.426380000 +0000
@@ -14,3 +14,7 @@
#
# Or if mysql databases are stored in /home:
# alias /var/lib/mysql/ -> /home/mysql/,
+
+alias / -> /lib/live/mount/overlay/,
+alias / -> /lib/live/mount/rootfs/*.squashfs/,
+
diff --git a/scripts/boot/9990-overlay.sh b/scripts/boot/9990-overlay.sh
index 098111c..e1cfd15 100755
--- a/lib/live/boot/9990-overlay.sh
+++ b/lib/live/boot/9990-overlay.sh
@@ -156,7 +156,7 @@ setup_unionfs ()
# tmpfs file systems
touch /etc/fstab
mkdir -p /live/overlay
- mount -t tmpfs tmpfs /live/overlay
+ # mount -t tmpfs tmpfs /live/overlay
# Looking for persistence devices or files
if [ -n "${PERSISTENCE}" ] && [ -z "${NOPERSISTENCE}" ]
......@@ -22,10 +22,27 @@ Feature: Using Evince
Scenario: I cannot view a PDF file stored in non-persistent /home/amnesia/.gnupg
Given I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia/.gnupg" as user "amnesia"
And AppArmor has not denied "/usr/bin/evince" from opening "/home/amnesia/.gnupg/default-testpage.pdf"
Then the file "/home/amnesia/.gnupg/default-testpage.pdf" exists
And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf" exists
And the file "/live/overlay/home/amnesia/.gnupg/default-testpage.pdf" exists
Given AppArmor has not denied "/usr/bin/evince" from opening "/home/amnesia/.gnupg/default-testpage.pdf"
When I try to open "/home/amnesia/.gnupg/default-testpage.pdf" with Evince
Then I see "EvinceUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/evince" from opening "/home/amnesia/.gnupg/default-testpage.pdf"
When I close Evince
Given AppArmor has not denied "/usr/bin/evince" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf"
When I try to open "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf" with Evince
Then I see "EvinceUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/evince" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf"
When I close Evince
# Due to our AppArmor aliases, /live/overlay will be treated
# as /lib/live/mount/overlay. We have to clear syslog first,
# otherwise we'll look for the same entry as above again.
Given I clear syslog
And AppArmor has not denied "/usr/bin/evince" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf"
When I try to open "/live/overlay/home/amnesia/.gnupg/default-testpage.pdf" with Evince
Then I see "EvinceUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/evince" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf"
@keep_volumes
Scenario: Installing Tails on a USB drive, creating a persistent partition, copying PDF files to it
......
......@@ -80,6 +80,12 @@ Feature: Chatting anonymously using Pidgin
And I see Pidgin's account manager window
And I close Pidgin's account manager window
Then I cannot add a certificate from the "/home/amnesia/.gnupg" directory to Pidgin
When I close Pidgin's certificate import failure dialog
And I close Pidgin's certificate manager
Then I cannot add a certificate from the "/lib/live/mount/overlay/home/amnesia/.gnupg" directory to Pidgin
When I close Pidgin's certificate import failure dialog
And I close Pidgin's certificate manager
Then I cannot add a certificate from the "/live/overlay/home/amnesia/.gnupg" directory to Pidgin
@keep_volumes @check_tor_leaks
Scenario: Using a persistent Pidgin configuration
......
......@@ -957,9 +957,11 @@ When /^I click the HTML5 play button$/ do
@screen.wait_and_click("TorBrowserHtml5PlayButton.png", 30)
end
When /^I can save the current page as "([^"]+[.]html)" to the (default downloads|persistent Tor Browser) directory$/ do |output_file, output_dir|
When /^I (can|cannot) save the current page as "([^"]+[.]html)" to the (.*) directory$/ do |should_work, output_file, output_dir|
next if @skip_steps_while_restoring_background
should_work = should_work == 'can' ? true : false
@screen.type("s", Sikuli::KeyModifier.CTRL)
@screen.wait("TorBrowserSaveDialog.png", 10)
if output_dir == "persistent Tor Browser"
output_dir = "/home/#{LIVE_USER}/Persistent/Tor Browser"
@screen.wait_and_click("GtkTorBrowserPersistentBookmark.png", 10)
......@@ -968,16 +970,22 @@ When /^I can save the current page as "([^"]+[.]html)" to the (default downloads
# let's use the keyboard shortcut to focus its field
@screen.type("n", Sikuli::KeyModifier.ALT)
@screen.wait("TorBrowserSaveOutputFileSelected.png", 10)
else
elsif output_dir == "default downloads"
output_dir = "/home/#{LIVE_USER}/Tor Browser"
else
@screen.type(output_dir + '/')
end
# Only the part of the filename before the .html extension can be easily replaced
# so we have to remove it before typing it into the arget filename entry widget.
@screen.type(output_file.sub(/[.]html$/, ''))
@screen.type(Sikuli::Key.ENTER)
try_for(10, :msg => "The page was not saved to #{output_dir}/#{output_file}") {
@vm.file_exist?("#{output_dir}/#{output_file}")
}
if should_work
try_for(10, :msg => "The page was not saved to #{output_dir}/#{output_file}") {
@vm.file_exist?("#{output_dir}/#{output_file}")
}
else
@screen.wait("TorBrowserCannotSavePage.png", 10)
end
end
When /^I can print the current page as "([^"]+[.]pdf)" to the (default downloads|persistent Tor Browser) directory$/ do |output_file, output_dir|
......@@ -1112,6 +1120,11 @@ Given /^I wait (?:between (\d+) and )?(\d+) seconds$/ do |min, max|
sleep(time)
end
Given /^I clear syslog$/ do
next if @skip_steps_while_restoring_background
@vm.execute_successfully('echo > /var/log/syslog')
end
When /^AppArmor has (not )?denied "([^"]+)" from opening "([^"]+)"(?: after at most (\d+) seconds)?$/ do |anti_test, profile, file, time|
next if @skip_steps_while_restoring_background
expected_cmd_status = anti_test ? false : true
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment